Merge pull request #1 from onSec-fr/main

Fix Args Check & Add Computer filter
swisskyrepo · Feb 17, 2021 · 41e468f · 41e468f
2 parents 1812a6c + 415a008
commit 41e468f
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/SharpLAPS/Program.cs b/SharpLAPS/Program.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.DirectoryServices;
 using System.IO;
@@ -24,6 +24,7 @@ static void Main(string[] args)
             var parsed = ArgumentParser.Parse(args);
             String username = null;
             String password = null;
+            String target = "*";
             String connectionString = "LDAP://{0}:{1}";
             DirectoryEntry ldapConnection;
 
@@ -36,6 +37,7 @@ static void Main(string[] args)
                 Console.WriteLine("\nOptional");
                 Console.WriteLine("/user:<username> Username of the account");
                 Console.WriteLine("/pass:<password> Password of the account");
+                Console.WriteLine("/target:<target> computer name (if not set query all computers in AD)");
                 Console.WriteLine("/out:<file>      Outputting credentials to file");
                 Console.WriteLine("/ssl             Enable SSL (LDAPS://)");
 
@@ -52,10 +54,15 @@ static void Main(string[] args)
             {
                 connectionString = String.Format(connectionString, parsed.Arguments["/host"], "636");
             }
-
+
+            // Filter computer name
+            if (parsed.Arguments.ContainsKey("/target"))
+            {
+                target = parsed.Arguments["/target"] + "$";
+            }
 
             // Use the provided credentials or the current session
-            if (parsed.Arguments.ContainsKey("/host") && parsed.Arguments.ContainsKey("/pass"))
+            if (parsed.Arguments.ContainsKey("/user") && parsed.Arguments.ContainsKey("/pass"))
             {
                 Console.WriteLine("\n[+] Using the following credentials");
                 Console.WriteLine("Host: " + connectionString);
@@ -76,7 +83,7 @@ static void Main(string[] args)
                 ldapConnection = new DirectoryEntry(connectionString, username, password, System.DirectoryServices.AuthenticationTypes.Secure);
                 Console.WriteLine("\n[+] Extracting LAPS password from LDAP");
                 DirectorySearcher searcher = new DirectorySearcher(ldapConnection);
-                searcher.Filter = "(&(objectCategory=computer)(ms-MCS-AdmPwd=*))";
+                searcher.Filter = "(&(objectCategory=computer)(ms-MCS-AdmPwd=*)(sAMAccountName=" + target + "))";
 
                 // Iterate over all the credentials
                 List<string> output = new List<string>();